ComboFix 13-11-03.02 - alex 04.11.2013 23:25:12.2.3 - x64
Microsoft Windows 7 Максимальная 6.1.7600.0.1251.7.1033.18.3070.1395 [GMT 3:00]
Running from: c:\users\alex\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Clip2NetUnet\clip2net.exe
c:\users\alex\AppData\Roaming\iFunbox_UserCache\ifb_assets\8B\vssadmin.exe
c:\users\alex\AppData\Roaming\IHelper
c:\users\alex\AppData\Roaming\IHelper\edfbf636a2747c7896d2c673042acbcd1f477e74\system\ArtworkDB
c:\users\alex\AppData\Roaming\IHelper\edfbf636a2747c7896d2c673042acbcd1f477e74\system\Books.plist
c:\users\alex\AppData\Roaming\IHelper\edfbf636a2747c7896d2c673042acbcd1f477e74\system\iTunesCDB
c:\users\alex\AppData\Roaming\IHelper\edfbf636a2747c7896d2c673042acbcd1f477e74\system\iTunesCDB.unzip
c:\users\alex\AppData\Roaming\IHelper\edfbf636a2747c7896d2c673042acbcd1f477e74\system\MediaLibrary.sqlitedb-shm
c:\users\alex\AppData\Roaming\IHelper\edfbf636a2747c7896d2c673042acbcd1f477e74\system\MediaLibrary.sqlitedb-wal
c:\users\alex\AppData\Roaming\IHelper\edfbf636a2747c7896d2c673042acbcd1f477e74\system\MediaLibrary.sqlitedb
c:\users\alex\AppData\Roaming\IHelper\edfbf636a2747c7896d2c673042acbcd1f477e74\system\Purchases.plist
c:\users\alex\Documents\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-10-04 to 2013-11-04 )))))))))))))))))))))))))))))))
.
.
2013-11-04 20:33 . 2013-11-04 20:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-04 20:33 . 2013-11-04 20:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-04 20:33 . 2013-11-04 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-04 20:33 . 2013-11-04 20:33 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-11-04 18:04 . 2013-11-04 18:04 -------- d-----w- c:\program files\trend micro
2013-11-04 16:42 . 2013-11-04 17:08 -------- d-----w- c:\users\alex\Doctor Web
2013-11-04 08:20 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2D85AB2-D9C9-4D92-89F4-9D082DFA4F07}\mpengine.dll
2013-10-26 07:22 . 2013-10-26 07:22 -------- d-----w- c:\users\alex\AppData\Roaming\ExportTool
2013-10-26 07:21 . 2013-10-26 08:10 -------- d-----w- c:\program files (x86)\Samurize
2013-10-25 20:20 . 2013-10-25 20:20 -------- d-----w- c:\users\alex\AppData\Local\iMobie_Inc
2013-10-25 20:20 . 2013-10-25 20:20 -------- d-----w- c:\users\alex\AppData\Roaming\iMobie
2013-10-25 20:20 . 2013-10-25 20:20 -------- d-----w- c:\program files (x86)\iMobie
2013-10-17 19:51 . 2013-10-17 19:51 -------- d-----w- c:\users\alex\AppData\Local\ODUI
2013-10-17 19:50 . 2013-10-17 19:50 -------- d-----w- c:\users\alex\AppData\Roaming\Stardock
2013-10-17 19:48 . 2013-10-17 19:48 -------- d-----w- c:\users\alex\AppData\Local\Stardock
2013-10-17 01:46 . 2013-10-17 01:46 -------- d-----w- c:\users\alex\AppData\Local\FluxSoftware
2013-10-06 17:29 . 2013-10-06 17:29 -------- d-----w- c:\users\alex\AppData\Roaming\Insoft LLC
2013-10-06 17:28 . 2013-09-18 09:10 59504 ----a-w- c:\windows\system32\drivers\adgnetworktdi.sys
2013-10-06 17:28 . 2013-10-06 17:28 -------- d-----w- c:\users\Default\AppData\Roaming\Insoft LLC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-26 07:35 . 2012-06-20 22:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-26 07:35 . 2011-08-14 21:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-14 07:12 . 2011-12-18 22:05 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.20910] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16768] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7601.21669] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7601.17567] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[-] 2010-11-03 . C87D3E7589835BACFE6C17E71C29D27B . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.20563] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16450] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.20500] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16404] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AutoHideDesktopIcons"="c:\program files (x86)\AutoHideDesktopIcons\AutoHideDesktopIcons.exe" [2011-11-24 39936]
"F.lux"="c:\users\alex\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"Adguard"="c:\program files (x86)\Adguard\Adguard.exe" [2013-09-30 1742872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Adguard"="c:\program files (x86)\Adguard\Adguard.exe" [2013-09-30 1742872]
.
c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
3_F-Launcher - Ярлык.lnk - d:\downloads\!lol\kill\3_F-Launcher.exe [2013-8-19 447488]
DisableTaskbarOnTop64.exe [2012-6-22 62464]
Dropbox.lnk - c:\users\alex\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-10-10 29768376]
greylink-x64 - Ярлык.lnk - d:\downloads\!lol\GreyLink\greylink-x64.exe [2011-8-22 7329280]
PowerStrip.lnk - c:\program files (x86)\PowerStrip\PStrip.exe [2009-3-11 738336]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-20 36536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R1 nltdi;nltdi; [x]
R2 am7pro;Art*Money*Pro7.40.5;c:\program files\ArtMoney\am74064.sys;c:\program files\ArtMoney\am74064.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\DRIVERS\kvnet.sys;c:\windows\SYSNATIVE\DRIVERS\kvnet.sys [x]
R3 kwflower;Kerio Control - Lower Layer Driver;c:\windows\system32\DRIVERS\kwflower.sys;c:\windows\SYSNATIVE\DRIVERS\kwflower.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netfilter;netfilter;c:\windows\system32\DRIVERS\netfilter.sys;c:\windows\SYSNATIVE\DRIVERS\netfilter.sys [x]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 RK281X;Driver for RK281X Device;c:\windows\system32\DRIVERS\RK281X.sys;c:\windows\SYSNATIVE\DRIVERS\RK281X.sys [x]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys;c:\windows\SYSNATIVE\drivers\scramby_out.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 ticapdrv;Traffic Inspector network driver;c:\windows\system32\DRIVERS\ticap.sys;c:\windows\SYSNATIVE\DRIVERS\ticap.sys [x]
R3 tmeter;TMeter Service;c:\windows\system32\DRIVERS\tmeter.sys;c:\windows\SYSNATIVE\DRIVERS\tmeter.sys [x]
R3 tmeterMP;tmeterMP;c:\windows\system32\DRIVERS\tmeter.sys;c:\windows\SYSNATIVE\DRIVERS\tmeter.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 adgnetworktdi;adgnetworktdi;c:\windows\system32\drivers\adgnetworktdi.sys;c:\windows\SYSNATIVE\drivers\adgnetworktdi.sys [x]
S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys;c:\windows\SYSNATIVE\DRIVERS\dwvkbd64.sys [x]
S1 PStrip64;PStrip64;c:\windows\system32\drivers\pstrip64.sys;c:\windows\SYSNATIVE\drivers\pstrip64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 Adguard Service;Adguard Service;c:\program files (x86)\Adguard\AdguardSvc.exe;c:\program files (x86)\Adguard\AdguardSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files (x86)\USB Safely Remove\USBSRService.exe;c:\program files (x86)\USB Safely Remove\USBSRService.exe [x]
S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys;c:\windows\SYSNATIVE\DRIVERS\DamewareMini.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Проверка сети (Майкрософт);c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 07:35]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390735179-4064819312-2142617507-1000Core.job
- c:\users\alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-29 04:51]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390735179-4064819312-2142617507-1000UA.job
- c:\users\alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-29 04:51]
.
2013-11-04 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2013-02-17 11:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"USB Safely Remove"="c:\program files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2012-11-25 2023424]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.by/
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver
IE: Закачать ВСЕ при помощи Download Master - c:\program files (x86)\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - c:\program files (x86)\Download Master\dmie.htm
IE: Передать на удаленную закачку DM - c:\program files (x86)\Download Master\remdown.htm
TCP: DhcpNameServer = 192.168.32.7
TCP: Interfaces\{6FA69F88-93B9-4A07-B02C-9E4056B8D9CE}: NameServer = 172.17.0.1
FF - ProfilePath - c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\qh2g472w.default\
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage - about:newtab
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
inifile="c:\program files\AkelPad\AkelPad.exe" "%1"
txtfile="c:\program files\AkelPad\AkelPad.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Clip2Net - c:\program files (x86)\Clip2NetUnet\clip2net.exe
Wow6432Node-HKCU-Run-Clip2NetUnet - c:\program files (x86)\Clip2NetUnet\clip2net.exe
Wow6432Node-HKCU-Run-ncVpYgss9ve3wdw6opE= - c:\users\alex\AppData\Roaming\Dropbox\shellext\l\RunLegacyCPLElevated.exe
c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk - c:\users\alex\Documents\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pb.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-390735179-4064819312-2142617507-1000\Software\SecuROM\License information*]
"datasecu"=hex:a0,12,6b,7c,b8,a9,df,3f,24,c4,4c,16,bf,86,14,5f,ea,5b,3b,a8,03,
 20,7e,30,2b,6a,68,4b,b7,59,9d,b4,b8,ad,a9,62,bb,f0,0e,c3,1f,ca,bf,d4,18,34,\
"rkeysecu"=hex:0e,18,ee,ff,be,99,f1,a0,1f,eb,e0,65,59,e1,4f,62
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\078365F4B4BB3E743B91432D6B8D5148\3C0591E9EBC7E2E468E13012D36B1F82]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="redirect.dll"
"ComponentVersion"="5.0.0.0"
"ProductVersion"="5.3.343"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8814E772548C9924FABEA8088C76BA46\3C0591E9EBC7E2E468E13012D36B1F82]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Adguard.exe"
"ComponentVersion"="5.3.343.2099"
"ProductVersion"="5.3.343"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E617312B9DFE1C744840E4A730C1937B\3C0591E9EBC7E2E468E13012D36B1F82]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="inststlib.dll"
"ComponentVersion"="4.8.0.0"
"ProductVersion"="5.3.343"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\users\alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2013-11-04 23:46:50 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-04 20:46
.
Pre-Run: 1 388 310 528 байт свободно
Post-Run: 1 100 726 272 байт свободно
.
- - End Of File - - 0E8631D363269CD9971CA16CA20DF0B0
A36C5E4F47E84449FF07ED3517B43A31